If you accept payments through a website, you may be required to scan your website payment pages. If you're unsure which pages to scan, consult your web developer to identify the correct domain(s).
Load balancer requirements:
During setup, you'll be asked if your website uses a load balancer. Think of a load balancer as a traffic director that distributes visitors evenly across multiple servers. For example, event ticketing websites often use load balancers to handle traffic spikes and prevent crashes.
Important: PCI DSS does not require you to have a load balancer—you simply need to confirm whether you use one.
Active protection systems:
If your website uses active protection such as:
- Web Application Firewall (WAF)
- Intrusion Prevention System (IPS)
You must allow scan access by whitelisting our IP address ranges in these systems. The required IP ranges are available on your scan dashboard.
Note: Whitelisting is not done on your firewall—it only applies to active protection systems that might block the scan.
Scan duration:
Network and website scans typically take up to 24 hours, sometimes longer. These scans will not affect or alter your network, and you can continue working normally while the scan runs.